Guest Column | May 22, 2020

Ransomware: Cyber Crime's Billion-Dollar Industry

By David Jemmett, Cerberus Sentinel

Preventing Healthcare Ransomware

Ransomware is one of the most notorious and destructive tools in a hacker’s arsenal, with companies falling victim to attacks every day. The threat is a type of malware that infects computer systems, identifies underlying data, and holds that data hostage by encrypting it until a ransom is paid. In the last year, the world has witnessed multiple high-profile attacks, including a series of government networks being brought to a standstill after they were infected. Today, ransomware has evolved into a real-world threat, and any organization or individual has the potential to become a victim. However, one industry at particularly high risk is healthcare.

Healthcare organizations are a prime target for cybercriminals because of the data repositories they hold. These records are very lucrative and sought after on the black market of the dark web. Typically, budget constraints keep healthcare organizations from deploying state-of-the-art security solutions, so they are fairly easy to compromise. The healthcare industry also struggles to find and keep security talent, with teams being replaced regularly, leaving gaps in their knowledge and security posture which are frequently exploited by cybercriminals.

As a result, there have been thousands of successful attacks globally on healthcare organizations, with one of the most recent involving the University Hospital Centre (CHU) in Rouen, France. In this situation, the hospital had to resort to pen and paper after its systems fell victim to ransomware. The attack left the staff unable to access important patient information, on which they have become reliant, with the hospital admitting there would be ‘very long delays in care services.’ The attack highlighted just how dangerous ransomware can be for healthcare organizations.

The attack also demonstrated the findings of a recent study from Vanderbilt University's Owen Graduate School of Management, which revealed that hospitals that suffered ransomware attacks saw an increase in fatal heart attacks. The study looked at healthcare data breaches and ransomware attacks and found that it takes facilities hit by a data breach or ransomware an extra 2.7 minutes to respond to a patient with a suspected heart attack. As a result of this delay, data has shown that there are as many as 36 additional deaths per 10,000 heart attacks that occur each year.

So, just how big is the threat to the healthcare sector and how can these lethal attacks be prevented?

Reality Is Worse Than The Fiction

Healthcare organizations hold swathes of confidential data on millions of individuals, making them a very attractive target for cybercriminals, a literal gold mine. Not only is there a high chance a hospital will be forced to pay a ransom if its data is held hostage, but the data healthcare organizations hold is also very lucrative in the cybercrime underworld, particularly infant healthcare records, as these provide an attacker with the longest window of opportunity and a clean history.

When an attacker infiltrates a hospital network, they try to gain access to all patient data: detailed personal information on newborns, old and new patients, and even people who have died. This kind of information is very lucrative on the cybercrime black market and can be used in identity fraud and insurance claims. Essentially, a cybercriminal sees financial potential in every record obtained from a healthcare organization.

While there have been multiple studies documenting the rise of ransomware, very few show a clear picture of the reality. For instance, a recent study from Comparitech revealed that there have been 172 ransomware attacks on some 1,442 healthcare providers in the US since 2016, which have cost an estimated $157 million. However, these figures largely underestimate the true extent of the threat. The reality is that healthcare organizations have paid significantly more, but many of the incidents go completely unreported. Nor do the figures account for the actual damage caused by downtime, recovery efforts, and forensics to find the bad actor. Recent trends extend the ransom threat beyond the “ware,” the malware itself. As detection capabilities to spot the black-market ransomware employed by cybercriminals have improved, some cybercriminals are bypassing detection by simply copying critical healthcare information and threatening to release it publicly unless a ransom is paid.

Ransomware attacks on healthcare institutions have created a major industry for cybercriminals, and the actual figure for demands worldwide is more in the hundreds of millions, if not billions. Typically, hospitals or major clinics have kept the actual number to a minimum, either because federal agencies are involved in an investigation or by not disclosing the actual demand from the ransomware criminal. This is to keep the “hype” or “fanfare” from spreading, fanning the fire of criminals and encouraging them to continue with their crimes.

Defending Against Ransomware

When it comes to defending against ransomware attacks there are several steps healthcare organizations can take.

Because attacks evolve at such a fast pace, the best defense is always cultivating a culture of employee cybersecurity awareness. This means teaching staff about online security threats and the techniques cybercriminals use to attack organizations. One of the most important lessons is to teach staff to think before they click on links in emails or open attachments from unknown senders. These are the most common techniques bad actors use to gain access to systems and exploit the trusted access from end-user computers or mobile devices to servers within the environment.

As healthcare organizations continue to modernize, it is also important to carry out inventories of all devices on the network and ensure they are secured and up to date with the latest patches. With hospitals adding internet connectivity or IP-based connectivity to medical devices, new avenues are created for cybercriminals to gain access to networks and infect systems. However, many hospitals do not regulate employees’ personal devices, which access the wireless network and, if not properly secured or if infected with malware, can affect the entirety of the hospital. Further, medical device appliances used for specific healthcare tests are often built upon common operating systems, such as “embedded” versions of Windows or Linux, that are often not manageable or monitorable by the healthcare organization’s IT staff but still require ongoing security patching and updates as new vulnerabilities are discovered. It is therefore important to inventory every single device on the network and ensure it does not provide attackers with an unmonitored entry point.

Ransomware is a destructive form of malware that is having a huge impact on healthcare organizations and putting tens of millions of patients’ data at risk. However, by practicing good security hygiene and educating staff about threats, healthcare organizations can minimize their chances of falling victim to an attack. Cybersecurity is a culture, not a product, and being aware is one of the key factors in successfully thwarting an attack.

About The Author

David Jemmett, CEO and Founder of Cerberus Sentinel, has more than 20 years of executive management and technology experience with telecommunications, managed services, and consulting services. He has specialized expertise in healthcare, HIPAA, and governmental regulations, and has been intimately involved in designing, building, re-vamping, and/or managing networks and data centers worldwide. David has spoken before both the U.S. Congress and Senate Subcommittees on Telecommunications and Internet Security, and he has shared his expertise on broadband networking technologies as a guest speaker on CBS, CNN, MSNBC, and C-SPAN.